Security Operations T2 Analyst

 Role Description:

●    Incident Response: Actively participate and provide support in all phases of security incident response, including tracking, stakeholder communication, remediation, and recovery

●    Alert Triage & Investigation: Perform Level 2 triage of incoming incidents, providing initial assessment of priority, determining incident nature and risk, and appropriately routing security or privacy data requests

●    Deep Dive Analysis: Conduct comprehensive incident response analysis leveraging expertise in cybersecurity incidents, anomaly analysis, log analysis, digital forensics, and common threat vectors

●    Tool Proficiency: Utilize Splunk SIEM and support forensic tools to monitor, investigate, and correlate security events

●    Reporting & Documentation: Ensure all incident details are accurately entered into the incident tracking system

●    Develop detailed incident report during and after incidents, outlining mitigation, recovery, and operational return-to-normal actions

●    Record and report all incidents in adherence to Federal and department policies

●    Create and track network incidents and investigations through to closure

●    Stakeholder Coordination: Coordinate with reporting entities (e.g CISA) to fully understand event details and facilitate effective communication with stakeholders

●    Operational Guidance: Serve as key personnel for Incident Management, providing coordination, task assignment, and process guidance for incident response events

●    SOP Adherence & Escalation: Strictly follow established SOPs, policies, and procedures for timely escalation and notification of Federal leadership and reporting

●    Remediation & Recovery: Actively participate in the remediation and recovery of incidents generated by live threats against the enterprise

●    Control Optimization: Review, revise, and recommend enhancements to technical, process, and physical security controls

●    Defensive TTP Development: Develop and implement defensive cyber best practice tactics, techniques, and procedures to strengthen our security posture.

●    Mentorship: Manage assigned investigations, ensuring active progress and assist Tier 1 analysts as needed to resolve investigations

Required Qualifications & Education:

●    Bachelors in science in Computer Science, Information Systems, Mathematics, Engineering, or a related degree OR an additional 2+ years of relevant experience

●    4+ years of Information Technology experience

●    Excellent organizational, verbal, presentation/facilitation, and written communication skills. Comfortable presenting briefings to the client.

●    Demonstrate proficiency in the Incident Response Process and SOC operations and a good understanding of threat hunting

●    Good understanding of system log information and where to collect specific data/attributes as required for the Incident Events

●    Operational understanding of enterprise networking and security tools (firewalls, Antivirus, HIDS, IDS/IPS, proxy, WAF), Windows and Unix/Linux systems’ operations

●    Experience performing log analysis and reporting

●    Experience creating and tracking investigations to resolution

●    Experience with Endpoint security solutions, including but not limited toWindows Defender, Tanium, FireEye Solutions, Antivirus Solutions, and EDR Tools

●    Understanding of compliance or regulatory frameworks (i.e., FISMA, NIST,ISO)

●    Solid understanding of the application, authentication, network security principles, and operating system hardening techniques

●    General knowledge of cyber-attack frameworks (MITRE ATT&CK andLockheed Cyber Kill Chain)

●    Understanding of Computer Network Defense (CND) policies, procedures, and regulations

●    SIEM monitoring and analysis, analyzing network traffic, log analysis, prioritizing and differentiating between potential intrusion attempts and false alarms

●    Ability to work with or support senior leaders to understand risk factors and communicate effective mitigation strategies

●    Ability to work independently to address and resolve a security incident with minimal supervision

●    Cybersecurity certifications are preferred but not required

‍

Clearance and Location Requirements:

●    Able to be cleared for a Public Trust clearance.

●    This position is currently fully remote.

‍